Russian cybercriminals are exploiting a vulnerability in Oracle software used by NHS England and the Treasury, cybersecurity researchers have cautioned. Google’s threat intelligence team identified that a Russian ransomware group known as Clop has been using a flaw in Oracle’s E-Business Suite to target multiple organisations worldwide. The software is commonly used for financial management, logistics, procurement and human resources by thousands of institutions, including major UK government departments.
++ Alleged British spies in China case leave unanswered questions after collapse
NHS Digital has urged trusts to install urgent security updates, warning that attempts to exploit these vulnerabilities are “highly likely”. According to Reuters, more than 100 organisations may already have been affected by the cyberattack, with hackers claiming to have stolen large volumes of customer data. Google’s researchers said the “extortion campaign” followed several months of infiltration, with significant data exfiltration reported in some cases.
Clop, a Russian-speaking criminal gang, is believed to be behind the attacks. The group has previously been linked to ransomware operations against American universities and the US Department of Energy. In an email to victims, the hackers wrote: “We do not seek political power or care about any business. Your only option to protect your business reputation is to discuss conditions and pay claimed sum.” Police investigations in 2021 found the gang had laundered more than $500 million in cryptocurrency.
++ Cillian Murphy becomes a meme again after appearing with Taylor Swift on The Graham Norton Show
Oracle, founded by billionaire Larry Ellison, has urged all customers to install the latest security patches “as soon as possible”. The National Cyber Security Centre, part of GCHQ, said it was continuing to monitor for any impact on UK organisations. A government spokesman added: “As you would expect, the Government Cyber Coordination Centre, in coordination with the NCSC, regularly provides expert advice and guidance to departments on a range of issues.”
